Situation

A hacker can reuse the Remote Management password information on the local managed device to authenticate into a remote session on another managed device when both the managed devices are configured with the same Remote Management password.

Resolution

Recommendation:1. Disable password mode of authentication in the Remote Management policy, if its not being used. The property is disabled by default in the policy.2. Distribute a common password via NAL or TED only in a trusted environment.

Status

Security Alert

Additional Information

The following conditions must be fulfilled for the hacker to play the attack:1. Both the managed devices must be configured with the same password. Note: This may be common when a password is distributed to managed devices via NAL in case of ZDM 7.x and ZfD 4.x, and via TED in case of ZSM 7.x and ZfS 3.x.2. The hacker must have access to a managed device configured with the Remote Management password.3. The hacker needs to have knowledge of the protocol used for Remote Management password authentication.

Note:1. A hacker cannot reuse the Remote Management password on a managed workstation to authenticate into a remote session on a managed server, and vice-versa.2. A hacker cannot exploit the vulnerability when the password mode of authentication is disabled on the target managed device.3. A hacker cannot exploit the vulnerability when the passwords do not match on the local and target managed device.

This vulnerability was discovered by ab, working with TippingPoint's Zero Day Iniative: TippingPoint ZDI-CAN-750

Disclaimer

This Support Knowledgebase provides a valuable tool for NetIQ/Novell/SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.